WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure

WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address. id: CVE-2022-2373 info: name: WordPress Simply Schedu...

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

EUVD-2026-36927

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

EUVD-2026-36944

Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...

EUVD-2026-36952

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

CVE-2026-42384

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

CVE-2026-39513

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

CVE-2026-39493

Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...

CVE-2026-39447

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

CVE-2026-42384 WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

EUVD-2026-36812

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

CVE-2026-42384

CVE-2026-42384 concerns the WordPress plugin “Simply Schedule Appointments” (versions prior to 1.6.11.2). The entry documents an unauthenticated, sensitive data exposure vulnerability affecting this plugin. The vulnerability is described as exposing sensitive data without authentication, with a C...

CVE-2026-39513 WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

CVE-2026-39513

CVE-2026-39513 affects the WordPress Easy Appointments plugin for versions up to 3.12.21, with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product, version range, and vulnerability type but do not provide exploitation details, confirmed roo...

CVE-2026-39493

CVE-2026-39493 : The WordPress plugin Simply Schedule Appointments (versions

CVE-2026-39493 WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...

CVE-2026-39447

CVE-2026-39447: Unauthenticated Cross-Site Scripting (XSS) in the WordPress plugin Simply Schedule Appointments (versions

CVE-2026-39447 WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

PT-2026-49372

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

PT-2026-49391

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...